download

The following guidelines provide a basic checklist for reviewing data models and entity descriptions.
Basic review of model
- Ensure each entity has a singular noun as a name.
- Ensure the diagram is well laid out. Topology guidelines include:
- relationship lines as direct as possible, but retaining clarity;
- master entities higher in the diagram than their details (so avoiding upward pointing relationship arrows);
- minimum crossing lines.
- The diagram should have no visible storage connotations, e.g.:
- indexes and arrays should not be shown unless logically significant;
- business relationships as opposed to physical access paths should be defined.

Review of business implications
Relationship review

Download Free Risk Register Template for IT & Project Management

1. BASIC RISK INFORMATION
Risk Number: Provide a unique identifier for risk

Risk Description / Risk Event Statement: A risk event statement states (i) what might happen in the future and (ii) its possible impact on the project. "Weather" is not a risk event statement. "Bad weather may delay the project" is a risk event statement.

Responsible: Name or title of team member responsible for risk

Date Reported

PCI DSS 1.1 Audit Work Program Templates Free Download

Control 1 - All cardholder-entered PINs are processed in equipment that conforms to the requirements for Tamper-Resistant Security Modules (TRSMs). PINs must never appear in the clear outside of a TRSM

Control 2 - All cardholder PINs processed online are encrypted and decrypted using an approved cryptographic technique that provides a level of security compliant with international and industry standards.

Download Free North American Reliability Corp (NERC) Critical Infrastructure Protection (CIP) standards or simply NERC/CIP is a set of Cyber Security Framework standard that force of by law by the Federal Energy Regulatory Commission (FERC). This standard consist of several domain such as:

CIP-001-1 Sabotage Reporting
Disturbances or unusual occurrences, suspected or determined to be caused by sabotage, shall be reported to the appropriate systems, governmental agencies, and regulatory bodies.

CIP-002-1 Critical Cyber Asset Identification
NERC Standards CIP-002 through CIP-009 provides a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

CIP-002-2 Cyber Security - Critical Cyber Asset Identification
NERC Standards CIP-002-2 through CIP-009-2 provide a cyber security framework for the identification and protection of Critical Cyber Assets to support reliable operation of the Bulk Electric System.

Download Free SAS 70 (Statement on Auditing Standards no 70) Report Content Templates

The SAS 70 type ii report includes three required sections: the auditor’s opinion, the service organization’s description of controls, and tests of operating system effectiveness and the results of those tests. The report may also include an additional section with other information provided by the service organization (provided for informational purposes but not subject to audit).

Section I: Service Auditor’s Opinion
The following is example SAS 70 Type II audit opinion text for a scenario in which the service organization achieves the specified control objectives. The opinion would be modified to suit the circumstances of the specific audit.

Section II: Description of Controls
The service organization’s description of controls typically includes narrative descriptions of the following components:
• Overview of operations
• Description of services provided by the service organization that are covered in the report
• Control objectives and supporting control activities
• Control environment, risk assessment processes, and monitoring processes
• Information systems and communication processes
• User control considerations (i.e., controls that users of the service organization should have in place to address their responsibilities with regard to controls over the service)